The Fight For Your Financial Data Is Getting Ugly

As the ancient Internet cliché (circa 2010) put it, “If you aren’t paying for the product, you are the product.” Just how valuable a commodity you are is on vivid display now in an ongoing, high-stakes tug-of-war over your financial data.

On one side are the traditional banks and other financial institutions where you keep money or borrow it. They know a great deal about how much you have, where it comes from and where it goes – as well as how much interest they pay on your deposits or charge on your mortgage, credit cards or other debts.

On the other side is the ever-lengthening list of web-based services that offer to collect your data from financial institutions, promising to help you better manage your money, pay your bills, invest more profitably or make sure you’re on track for retirement. Among the big names in the field are services such as Mint, Personal Capital, Venmo and Yodlee. (Also see: Free Tools to Help You Manage Your Money and 4 Best Personal Finance Apps for 2017.)

The Fight for Your Financial Data

Increasingly, major banks are balking at allowing web-based services like these full access to customers’ information, according to reports in American Banker, the New York Times, the Wall Street Journal and elsewhere.

Banks cite a range of concerns, including the privacy of customer financial data and the security of that information (as well as individuals’ usernames and passwords) once it leaves their platform and enters another company’s. Some banks have reportedly also asked the online services to pay for access to the data.

The web-based services, meanwhile, frame the question as whether your banking information belongs to the bank or to you. If it’s the latter, they maintain, then you should be free to share it in order to use their services. In January a group of them launched an organization called Consumer Financial Data Rights to press that case.

3 Factors to Consider

In this tug-or-war between behemoth banks and Internet icons, it’s easy for the consumer to feel like the poor, helpless rope. But remember: You do have some control. For starters, it’s your decision whether to allow a web-based service access to your information. Here are three things to consider:

1.Know what you’re giving up. Before you commit to using a web-based service, actually read its privacy and security statements and make sure you’re comfortable with them.

The security page for Venmo, the money-transfer service owned by PayPal, for example, says that, “Your financial information is encrypted, stored and protected on secure servers.” But it also makes clear that Venmo “does not offer buyer or seller protection” if a transaction goes awry.

Reading all this fine print can take some time. Mint’s “Terms of Use,” which you must agree to if you want to avail yourself of its services, runs some 11,000 words, its privacy policy another 3,000 words.

Bear in mind that while these services may use state-of-the-art methods to protect your information, the state of the art is constantly changing and even the most conscientious companies can find their systems compromised if hackers get a step ahead of them. Such big-name brands as eBay, Home Depot, Target, Yahoo and Zappos have been the reported victims of data breaches in recent years, and along with them, millions of their customers. Even the IRS was successfully hacked, in 2014-2015.

In fact, the nonprofit Privacy Rights Clearinghouse catalogs more than 5,000 data breaches that have been made public since 2005, affecting more than 900 million records. And that doesn’t include breaches that companies have managed to keep quiet.

Of course, your bank may be no less vulnerable to attack than a web service provider. But the more computer servers your financial information resides on, the greater the potential opportunity for it to be stolen.

2. Weigh the tradeoff. Next, decide whether the convenience of using a particular service is worth the “price” you pay. In addition to the potential security risks, you may find yourself being marketed to by financial services providers related, or not, to the one you’ve signed up for.

Whether that’s a small price to pay or an intolerable intrusion on your privacy basically depends on how easily annoyed you are.

If you are hugely concerned about sharing your financial information online, you can, of course, do such things as calculating your progress toward retirement by using offline software, a spreadsheet program like Excel or even pencil and paper. But you’ll lose the advantage of real-time access to your account information that these services provide, and you may find that keeping the project up-to-date is such a chore that you’ll soon give up and abandon it.

3. Keep an eye on your accounts. If your usernames and passwords are stolen and your accounts plundered, you may know before the financial institutions in question do. So check your account balances regularly and investigate any transactions you don’t immediately recognize. Your bank account is most likely insured up to $250,000 by the Federal Deposit Insurance Corporation.

If your brokerage account is hacked, however, you may have more trouble recouping. The Securities Investor Protection Corporation, which can step in when member brokerage firms fail, passes the buck when it comes to hacking. “If you discover that your account has been hacked or your securities or cash have been stolen,” it says on its website, “you should contact your brokerage firm, the SEC, FINRA, your state securities regulator, and/or law enforcement authorities.”

Meanwhile, don’t forget to take sensible precautions to keep the financial information on your home computer, laptop or smartphone safe. It may be more vulnerable there than it is on any bank’s or other company’s server. (For more, see: Digital Ways to Protect Digital Data.)

The Bottom Line

Banks and web-based financial services are fighting over your data. But remember: It really is yours to begin with. In deciding whether to enroll in a web-based service you’ll have to decide whether the risks involved in turning over your information – which may include the usernames and passwords on your accounts – is worth the “free” service you’ll be getting in return.